CVE-2024-58063
"RTLwifi Linux Kernel Memory Leak and Invalid Access Vulnerability"
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: fix memory leaks and invalid access at probe error path Deinitialize at reverse order when probe fails. When init_sw_vars fails, rtl_deinit_core should not be called, specially now that it destroys the rtl_wq workqueue. And call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be leaked. Remove pci_set_drvdata call as it will already be cleaned up by the core driver code and could lead to memory leaks too. cf. commit 8d450935ae7f ("wireless: rtlwifi: remove unnecessary pci_set_drvdata()") and commit 3d86b93064c7 ("rtlwifi: Fix PCI probe error path orphaned memory").
INFO
Published Date :
March 6, 2025, 4:15 p.m.
Last Modified :
March 25, 2025, 2:37 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-58063.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-58063 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-58063 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Mar. 25, 2025
Action Type Old Value New Value Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Added CWE CWE-401 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.13.2 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.76 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.13 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.179 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.129 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.235 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.38 up to (excluding) 5.4.291 Added Reference Type kernel.org: https://git.kernel.org/stable/c/32acebca0a51f5e372536bfdc0d7d332ab749013 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/455e0f40b5352186a9095f2135d5c89255e7c39a Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/624cea89a0865a2bc3e00182a6b0f954a94328b4 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/6b76bab5c257463302c9e97f5d84d524457468eb Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/85b67b4c4a0f8a6fb20cf4ef7684ff2b0cf559df Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/b96371339fd9cac90f5ee4ac17ee5c4cbbdfa6f7 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/e7ceefbfd8d447abc8aca8ab993a942803522c06 Types: Patch Added Reference Type kernel.org: https://git.kernel.org/stable/c/ee0b0d7baa8a6d42c7988f6e50c8f164cdf3fa47 Types: Patch -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mar. 13, 2025
Action Type Old Value New Value Added Reference https://git.kernel.org/stable/c/455e0f40b5352186a9095f2135d5c89255e7c39a Added Reference https://git.kernel.org/stable/c/85b67b4c4a0f8a6fb20cf4ef7684ff2b0cf559df Added Reference https://git.kernel.org/stable/c/b96371339fd9cac90f5ee4ac17ee5c4cbbdfa6f7 -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Mar. 06, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: fix memory leaks and invalid access at probe error path Deinitialize at reverse order when probe fails. When init_sw_vars fails, rtl_deinit_core should not be called, specially now that it destroys the rtl_wq workqueue. And call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be leaked. Remove pci_set_drvdata call as it will already be cleaned up by the core driver code and could lead to memory leaks too. cf. commit 8d450935ae7f ("wireless: rtlwifi: remove unnecessary pci_set_drvdata()") and commit 3d86b93064c7 ("rtlwifi: Fix PCI probe error path orphaned memory"). Added Reference https://git.kernel.org/stable/c/32acebca0a51f5e372536bfdc0d7d332ab749013 Added Reference https://git.kernel.org/stable/c/624cea89a0865a2bc3e00182a6b0f954a94328b4 Added Reference https://git.kernel.org/stable/c/6b76bab5c257463302c9e97f5d84d524457468eb Added Reference https://git.kernel.org/stable/c/e7ceefbfd8d447abc8aca8ab993a942803522c06 Added Reference https://git.kernel.org/stable/c/ee0b0d7baa8a6d42c7988f6e50c8f164cdf3fa47
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-58063 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-58063
weaknesses.